Security Changes: ================= All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively.

OpenSSH 3.7 fixed one of these bugs.

OpenSSH 3.7.1 fixes more similar bugs.

Changes since OpenSSH 3.6.1: ============================ * The entire OpenSSH code-base has undergone a license review. As a result, all non-ssh1.x code is under a BSD-style license with no advertising requirement. Please refer to README in the source distribution for the exact license terms.

* Rhosts authentication has been removed in ssh(1) and sshd(8).

* Changes in Kerberos support:

- KerberosV password support now uses a file cache instead of a memory cache.